3 Answers

What are your goals? I think your goal is to block sites by denying name resolution. If that is your goal, it won't work.

Using IP addresses will still get to the sites.

Using a local hosts file (/etc/hosts) avoids the DNS protocol while providing for a limited subset of name resolution.

Running a local DNS server on the host, but tunneling DNS requests hides the requests from your network.

A much easier alternative to your scheme that still suffers the same weaknesses as above is to block port 53 from traversing your firewall, or to inspect packets and block any DNS traffic across the firewall that doesn't come from your DNS server.

a proper network connection cannot be established

I'm not sure what you mean by this. By the time you detect the host using a different DNS server, a network connection will have already been established.
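As an added illustration of the "inspect packets and block any DNS traffic that doesn't come from your DNS server" approach (example code, not part of the original answer): a small Python routine that runs over constructed flow-log lines and flags clients sending port-53 traffic to resolvers other than the ones assumed to be handed out by DHCP. The resolver addresses, the log format and the sample lines are all assumptions for the example.

```python
from dataclasses import dataclass

# Resolvers assumed to be assigned by DHCP on this network (example values).
ALLOWED_RESOLVERS = {"10.0.0.53", "10.0.0.54"}

# Constructed sample of connection-tracking style log lines, format:
# "<time> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
SAMPLE_LOG = """\
12:00:01 UDP 10.0.0.21:51234 -> 10.0.0.53:53
12:00:02 UDP 10.0.0.22:40001 -> 8.8.8.8:53
12:00:03 TCP 10.0.0.22:40002 -> 8.8.8.8:53
12:00:04 TCP 10.0.0.23:50000 -> 203.0.113.10:443
12:00:05 UDP 10.0.0.24:33333 -> 1.1.1.1:53
12:00:06 UDP 10.0.0.21:51235 -> 10.0.0.54:53
"""

@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    dst: str
    dport: int

def parse_line(line):
    """Parse one constructed log line into a Flow."""
    _, proto, src, _, dst = line.split()
    src_ip, _ = src.rsplit(":", 1)
    dst_ip, dport = dst.rsplit(":", 1)
    return Flow(proto, src_ip, dst_ip, int(dport))

def is_rogue_dns(flow, allowed=ALLOWED_RESOLVERS):
    """True when a host talks DNS to something other than the assigned resolvers.
    This is a plain port-53 check, so it has the weakness the answer notes:
    DNS sent over another port or tunnelled inside another protocol is missed."""
    return flow.dport == 53 and flow.proto in ("UDP", "TCP") and flow.dst not in allowed

def rogue_dns_clients(log, allowed=ALLOWED_RESOLVERS):
    """Map each client IP to the sorted list of off-network resolvers it contacted."""
    hits = {}
    for line in log.splitlines():
        if not line.strip():
            continue
        flow = parse_line(line)
        if is_rogue_dns(flow, allowed):
            hits.setdefault(flow.src, set()).add(flow.dst)
    return {src: sorted(dsts) for src, dsts in hits.items()}

if __name__ == "__main__":
    for client, resolvers in rogue_dns_clients(SAMPLE_LOG).items():
        print(f"{client} bypassed the assigned DNS via {', '.join(resolvers)}")
```

The same predicate, applied to live traffic instead of a log, is what a firewall rule allowing port 53 only to the listed resolvers enforces.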

I was mainly intrigued by the network I tried to join that would not establish an internet connection unless I was using the DNS servers assigned by DHCP. With my own 3rd party DNS servers set, I could not contact the outside world at all, even by IP address. I wondered what security advantages such a setup may have, and how it was implemented.
– Sonny Ordell Oct 28 '11 at 19:53

That could be a side-effect of their authorization scheme. For example, if you are proxied through "their.host", your DNS server won't know how to reach the local proxy. Next time, leave your DNS server alone, but use dnslookup with server "8.8.8.8"
– rox0r Oct 28 '11 at 19:58

Captive portals on wireless networks usually block all connections (including DNS) to other hosts before the client machine is authenticated. This is to prevent IP-over-DNS tunneling (which would allow Internet access without being authenticated).